This week I guest-authored another article over at CrowdExpert, which you can read here. The article discusses Rule 144, which is one the primary mechanisms by which restricted securities — securities sold in private offering transactions such as Rule 506 are restricted from being resold — are resold, and have enabled the rise of “secondary markets” for the securities of privately-held companies.
Before the holidays, I guest-authored an article over on CrowdExpert.com, providing a quick guide to the various exemptions to securities registration at the federal level. Feel free to head over to CrowdExpert.com to check out the article here. Hopefully you’ll get a good sense of the various federal securities exemptions — though, as always, you should obtain legal counsel if undertaking a securities offering.
Startups frequently have their employees and key contractors, suppliers, and/or partners sign confidentiality agreements to protect the confidential information and trade secrets that the startup may share with those parties. However, courts have consistently held that confidentiality agreements are unenforceable — not really worth the paper they are printed on — when the company seeking the benefit of the agreement has taken no steps to protect their confidential information and trade secrets. The law is clear that a confidentiality agreement itself is not enough to protect confidential information. In order to benefit from a confidentiality agreement, a company must take additional proactive steps to protect the information from disclosure. Such steps must include, at a minimum, ensuring that all persons and entities to whom the information is disclosed are subject to confidentiality or similar agreements themselves, and marking protected information as confidential. Other steps courts have looked for in determining whether a company has actively protected its confidential information include: – Restricting access to confidential information, whether it be locking paper files in a cabinet, or password-protecting/encrypting electronic files – Granting access to confidential information on a need-to-know basis – Monitoring/logging who accesses confidential information The extent to which confidential information must be protected in order to constitute “reasonable steps” depends on the particular facts of the situation. A Fortune 500 company may be expected to have in place more sophisticated encryption and monitoring systems for its confidential information, as compared to a much smaller startup. However, even a small startup will be expected to take some steps to protect its confidential information when it seeks the benefit of a confidentiality agreement. Again, at the very least a startup should make sure that every party which is made privy to confidential information is subject to some sort of confidentiality agreement, and that all documents or information that is confidential is marked as so. Finally, confidential or trade secret documents should be secured behind some sort of password. Some cloud-storage/file-sharing services may even record when a document is viewed and by whom.
In all likelihood, you’ve agreed to a contract that includes a clause to the effect of “In the event of a breach by Party A, the parties agree that Party B shall be entitled to damages in the amount of $10,000”. This is what is known as a liquidated damages clause. Liquidated damages are a dollar figure or formula for calculating in damages agreed to in advance by the parties in the event of a breach of the agreement. Liquidated damages are used where it may be difficult or even impossible, or time- and resource-consuming, to calculate actual damages in the event of a breach. The idea of liquidated damages is to achieve cost-containment in litigation and to promote judicial economy, which is why courts often enforce liquidated damages Generally speaking, courts will enforce liquidated damages clauses only where the calculation of actual damages is too difficult, and where the liquidated damages are reasonable — excessive liquidated damages may be considered penalties, which are disfavored and almost always unenforceable under contract law. So should you have a liquidated damages clause in your agreements? Certainly if damages from a breach of your agreement would be difficult to calculate — liquidated damages can reduce the costs of recovery. But what if damages are more readily calculable? Technically speaking, liquidated damages are only supposed to be used and upheld where calculating actual damages is impractical. However, some courts seem to be favoring the use of liquidated damages as a means of achieving judicial economy — courts do not need to hold trials on the issue of damages where a liquidated damages clause exists (although it may leads to motions for parties who want to get out of the clause). Having a liquidated damages clause can save you time and resources in the event of a lawsuit following a breach. Courts also seem to be looking more and more favorably upon liquidated damages clauses. However, it is important to be cognizant that liquidated damages must be reasonable; therefore, if actual damages are readily calculable and out of proportion to the liquidated damages, it becomes more likely that a court will refuse to enforce the clause.
The Federal Trade Commission recently issued amended guidance on enforcement of the requirement that websites and applications subject to COPPA, or the Children’s Online Privacy Protection Act (any website or application that directs itself to, or has actual knowledge that it collects information from, children under the age of 13), obtain “verifiable parental consent” prior to the collection and use of children’s information. The FTC has encouraged web and app developers to design new methods of verifying parental consent as long as such methods show “reasonable effort…to ensure that a parent…receives notice…and authorizes the collection, use, and disclosure…of personal information…before that information is collected”. Many early methods for obtaining verifiable parental consent revolve around the use of credit card information. In the FTC’s new guidance, the Commission has clarified that while charging a credit card may be a sufficient method (since the parent would presumably see the charge on the monthly credit card statement and thus have notice of the child’s activity), merely collecting credit card information is not sufficient. However, credit card information in connection with other verification steps may be sufficient to meet the verifiable parental consent requirement. The FTC also affirmed that mobile application developers may rely on an app store’s COPPA-compliant parental consent method, and may also rely on third-party platforms that obtain COPPA-compliant parental consent; however, the liability for obtaining verifiable parental consent still rests on the actual web or app developer, not on the developer of the third-party parental consent platform.